13 matches found
CVE-2025-64491 SuiteCRM is vulnerable to unauthenticated reflected XSS through its Login page
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.7 and below allow unauthenticated reflected Cross-Site Scripting (XSS). Successful exploitation could lead to full account takeover, for example by altering the login form to send...
CVE-2023-30483
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Watu Quiz plugin <= 3.3.9.2 versions...
PT-2023-29612 · Biztechc · Biztechc Copy/Move Comments Plugin
Name of the Vulnerable Software and Affected Versions: Biztechc Copy or Move Comments plugin versions 5.0.4 and earlier Description: The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This allows for malicious scripts to be injected into a website, potentially...
CVE-2023-44245
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Leap Contractor Contact Form Website to Workflow Tool plugin <= 4.0.0 versions...
CVE-2023-34176
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Chilexpress Chilexpress woo oficial plugin <= 1.2.9 versions...
CVE-2023-33325
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.30.1 versions...
PT-2023-24638 · WordPress · Miled Wordpress Social Login
Name of the Vulnerable Software and Affected Versions: Miled WordPress Social Login plugin versions <= 3.0.4 Description: The issue is an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to...
PT-2023-20337 · Esri · Esri Portal For Arcgis
Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS versions 10.7.1 through 10.9.1 Description: The issue allows a remote, unauthenticated attacker to create a crafted link which, when clicked, could potentially execute arbitrary JavaScript code in the victim’s browser...
PT-2023-8929 · Opennms · Opennms Horizon +1
Name of the Vulnerable Software and Affected Versions: OpenNMS Meridian versions prior to 2023.1.0 OpenNMS Horizon versions prior to 31.0.4 Description: The issue is related to unauthenticated, stored cross-site scripting in the display of alarm reduction keys, which could allow an attacker to...
CVE-2022-40290
The application was vulnerable to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in the barcode generation functionality, allowing attackers to generate an unsafe link that could compromise users...
CVE-2022-2266
University Library Automation System developed by Yordam Bilgi Teknolojileri before version 19.2 has an unauthenticated Reflected XSS vulnerability. This has been fixed in the version 19.2...
CVE-2019-1941
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the...
CVE-2018-9104
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 21.84.5535.0 and earlier, and Mitel ST 14.2, versions GA27 19.49.5200.0 and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient...